As you know, I'm certainly a believer in layered security. But at times, I wonder when it's becomming "over-kill": with both avast and MBAM running (checking files) in real-time, do I really need a specialized program to check files on my flash drive?
I did not take the time to read the entire thread at avast --- it's over 7 pages now --- but I'm wondering why the avast people there feel the need (weakness in avast?) for this program???
Hernan, in your case, you also have the D+ from Comodo...
But at times, I wonder when it's becomming "over-kill":
Just so everyone is clear on why we post news about all these options for security, it is just that: They are options. By no means do we support the idea that folks should install and run every security tool that comes along. What works for some does not work for others, so we provide information about options.
Years ago, I was eager to at least test --- and often continue to use --- many security products. I would routinely run scan after scan --- seemingly to the point of paranoia --- without ever finding anything [aside from tracking cookies]. I continued to keep some products around (e.g., SpyBot) long after others dropped it, out of a sense of "familiarity"/"comfort". In SpyBot's case --- a program intentionally filled with redundancies to "insure" its protection --- I gradually gave it up piece-by-piece: first, its SDHelper IE-Helper module, then its TeaTimer, then its scanner (as scan times on my older system rose to about 45 minutes), and finally its immunization/HOSTS-file... at which point, there was nothing left of SpyBot.
A year ago, I had occasion to reformat my older system. Starting "fresh" --- and wanting to keep the system "crisp" --- I was very deliberate in what I decided to install. I did not include SpyBot. And I opted for just one alternate browser [in addition to IE].
I have a new system now [while still keeping the older one "around'], which is MUCH faster overall. Regardless, I don't want to install more on it than I have to, more than I will actually use.
Unless you're a total expert, or someone who wants to risk fate, we all need ONE anti-virus on our systems. Which to select is completely up to each user. Most of us gain a familiarity with a product, and then have a sense of comfort staying with it. Some believe the "big name" paid products offer better protection, and don't want to risk "gambling" on a "freebie"... while others rely completely on free products. To each his/her own.
Unfortunately, too many users believe that an anti-virus program guarantees them complete security, and then are shocked when their system becomes infected. What they don't realize is that, if they click on infected e-mail links, or indiscriminately click YES to all prompts, they are giving permission to malware to load onto their system.
That's reason for ONE realtime anti-malware program. I won't be "shy" here: MBAM is the only paid program I advocate people use. It nicely supplements the anti-virus of your choice. And tends to catch most of the rogue programs that can slip-by [even the best of] antiviruses.
Beyond ONE anti-virus, and ONE resident anti-malware program [MBAM or otherwise], it's all a matter of "user's choice": what you feel comfortable with, what you believe works for you. If you wish to install several [non-resident] anti-malware scanners... and run endless scans with them... that's certainly your choice. But if doing so consumes all your time --- eating away at your productivity --- that's when it becomes way too much. Unless you are totally paranoid: for the paranoid, what I consider "over-kill" is what they deem necessary.
We often speak of "safe surfing": avoiding questionable sites (pornography, P2P file sharing), saying this is the first step toward keeping your machine clean. For people who do so, they may be able to get-by with a minimal security configuration. But for those who choose to practice risky behavior, and/or for those who have actually experienced and suffered through a virus/malware infection, then additional [layers of] protection would indeed seem prudent.
So yes, there are good reviews/testing of products offered in this forum. Joe does some excellent work in this capacity. If you like what you read from him... or from other "regulars" like BugBatter, Iroc9555, or RedDawn... go ahead and try things. See what you like... see what [you believe] works for you. Choose as little or as much [non-conflicting] security as you feel you need... of course STOPPING should you encounter actual conflicts, or if you can actually "sense" your system slowing down.
[I realize I'm rambling at this point, not sure what I'm actually trying to say, so I'm just gonna stop here...]
I did not take the time to read the entire thread at avast --- it's over 7 pages now --- but I'm wondering why the avast people there feel the need (weakness in avast?) for this program???
If you read the thread, you will find some members thinking exactly like you "when is enough". On the other hand there are others that like the product. In all fairnes Avast!, MBAM, and Comodo would have to wait for a malicious file to run to be detected. In the pen drive I tried none of my programs detected the infection when It was scanned because I have autorun disabled and I was not going to ejecute the program to find out if Avast! or MBAM or even Comodo would stop it. No program is 100% secured. I was just happy that MCShield detected it in less than 5 seconds and Quarantine them.
Just so everyone is clear on why we post news about all these options for security, it is just that: They are options. By no means do we support the idea that folks should install and run every security tool that comes along. What works for some does not work for others, so we provide information about options.
Exactly my posting about MCShield. Just letting folks know of another security program. :emotion-21:
One additional thought in reference to MCShield: I think much of the decision on whether or not to use that program may depend on how often one uses a Flash drive [or other external storage media]... and how often (if at all) the Flash drive comes from a potentially "untrustworthy source" [by which I mean, anyone other than yourself]. Without doubt, if relatives/friends/colleagues are permitted to use THEIR Flash drives on YOUR computer, then yes, there's a clear need for such additional protection. If however, you're the only one to access your system, and you use the same Flash drive each time [which no one else uses], you should be safe with your anti-virus program [which should have tested the files before allowing them to be saved on your Flash drive]. But yes, even in the latter case, the extra protection couldn't hurt.
I've tested and discarded far more security products over the years than I care to mention. I don't believe any of the security products I currently use were in my war chest 10 years ago. The battle lines against the bad guys keep shifting.
There is no question there is such a thing as "too much security" and a potential for conflicts. And obsessive on-demand scans are probably not a good defensive strategy. But we do need to continually re-evaluate our options.
I'm one of the programmers of MCShield. A birdie told me about this topic, so I came to advertise a bit. :emotion-2:
To begin with, what is MCS? It's a preventive tool meant to block infections that are transmitted via removable drives.
The fact is, for the last 7, 8 years I've been an active forum helper doing malware removal topics. At a certain point in time, I've noticed an irritating issue: some users kept coming back infected after a few days. You're guessing how they got reinfected?
First bobby (the other programmer) made USBNoRisk which was a helper tool and provided means to analyze flash drives and do manual (scripted) cleanup.
While testing USBNoRisk, I've had a chance to play around with a whole bunch of flash infectors and, as the time went by, I noticed that those baddies follow certain "behavior" patterns. So, if I open a flash drive, I see what's bad.
One day I got an idea: what if I could transfer that "human eye / mind based detection" to a number of algorithms? Well, that's exactly what I did.
After some testing, I realized that kind of program could be of use and released it to public. Now? We don't have millions of users, but what makes me believe all this was not a waste of time is the Stats tab (almost 300 thousand treated items, and that's not the realistic number because we started counting items with version 2). So, a few thousand active users and almost 300 k times the program needed to do something. The way I see it, those that need / use this program, definitely have a use for it.
Who needs MCS? Let's put it this way: who needs a firewall? If you're offline, you don't. Do you need it if you're connected to the internet? Yes, you do, but...
If we say that the FW is to protect us from network worms (I know it does more, just ignoring that fact now to make an example :emotion-4:), do we really need it if we use an antivirus? I mean, the AV does detect worms, right? But we still use firewalls, don't we?
To make the long story short: AV needs a signature. MCS, generally, doesn't. If you use flash drives (of any type), then you could have use for a program like this. Simply, MCS is better than an AV when it comes to this kind of infection sources (for a simple reason: it works with non active, non critical files, so it can rely on generic detections much more than an AV can).
It could be said that MCS is targeted at novice / average user, but advanced users could also spare some time (by letting MCS do what they would otherwise need to do manually).
Actions it does? Renames suspicious files, deletes malicious files and malware related folders, restores the attributes of legit files and folders if it determines that they have been hidden by malware. So, it does a bit more that the AV does.
Potential conflicts have been mentioned... Important thing to note is that MCS is a pure user mode program which means it can't cause any real trouble.
There are no drivers that could conflict with your AV and the usage of system resources is minimal (the Drive Monitor simply waits for a new drive and than launches the Drive Scanner).
- fixed an issue regarding encryption of certain quarantined files; - fixed an issue that caused longer scan and wrong tray notification when the program was fixing a false positive.
-----
Note: I have decided to post the update information here, in the thread where we've been discussing McShield, rather than the "daily update" thread we keep at Dell. People who are using or testing this program should keep it updated.
To update. The program will inform you of the new version and it will ask you to download it to the desktop. If you have MCShield active in system tray, right click it and exit before applying the new update, just in case.
There have been two more updates to this program since the last time we posted here:
v
2.4.3.18: 16th December 2012. <====
CURRENT version
- implemented a new generic detection routine (for more precise detection/remediation of Trojan:VBS/Autorun.B (MS));
- added Persian language (thanks to translator Seyed Ehsan Hadi).
v 2.3.3.17: 29th November 2012. <==== ( earlier version )
- fixed an issue that caused some quarantined items not to be shown on the Quarantine tab inside the Control Center; - added Hungarian language (thanks to translator lostprophet).
- completely redesigned user interface with additional features; - new tab in Control Center: "Status" used to - - view & change main functions; - - view system information & main settings; - new tab in Control Center: "Logs" for easy logfile access and manipulation; - new tab in Control Center: "MCS Cloud" providing stats and latest news; - new option "Add Scan with MCShield to drives' menu" in Control Center > General: - - possibility to start on demand scans via right click menu; - new option "Visual style" in Control Center > General: - - possibility to select one of four visual styles; - new option "Don't scan autorun.inf" in Control Center > Scanner: - - possibility to completely disable AntiAutorun (processing of autorun files); - additional heuristics (AntiRep4) for another family of replicating worms (CryptoLocker and similar); - additional heuristics (AntiScript) for all types of vbscript based worms: - - on the fly decryption, code format & contents analysis; - - support for extremely large malicious files; - improved detection (FME) of worms mimicking legitimate files; - improved detection (AntiRep3) of several replicating worms; - added Simplified Chinese language (thanks to translator Anan); - added Swedish language; - updated all languages for v3 (except Brasilian Portuguese); - fixed an issue that caused the MD5 not to be shown for suspicious files in interactive mode; - improved program initialization time by removing obsolete on-start routines; - digitally signed all executable components: - - improving compatibility and ease of use alongside other security software; - - giving users the possibility to verify the origin and authenticity of the software; - various other improvements (code stability, graphics, program logic...).
ky331
3 Apprentice
•
15.6K Posts
0
October 11th, 2012 20:00
As you know, I'm certainly a believer in layered security. But at times, I wonder when it's becomming "over-kill": with both avast and MBAM running (checking files) in real-time, do I really need a specialized program to check files on my flash drive?
I did not take the time to read the entire thread at avast --- it's over 7 pages now --- but I'm wondering why the avast people there feel the need (weakness in avast?) for this program???
Hernan, in your case, you also have the D+ from Comodo...
Bugbatter
3 Apprentice
•
20.5K Posts
0
October 11th, 2012 21:00
ky331
3 Apprentice
•
15.6K Posts
0
October 12th, 2012 06:00
I fully agree with BugBatter.
Years ago, I was eager to at least test --- and often continue to use --- many security products. I would routinely run scan after scan --- seemingly to the point of paranoia --- without ever finding anything [aside from tracking cookies]. I continued to keep some products around (e.g., SpyBot) long after others dropped it, out of a sense of "familiarity"/"comfort". In SpyBot's case --- a program intentionally filled with redundancies to "insure" its protection --- I gradually gave it up piece-by-piece: first, its SDHelper IE-Helper module, then its TeaTimer, then its scanner (as scan times on my older system rose to about 45 minutes), and finally its immunization/HOSTS-file... at which point, there was nothing left of SpyBot.
A year ago, I had occasion to reformat my older system. Starting "fresh" --- and wanting to keep the system "crisp" --- I was very deliberate in what I decided to install. I did not include SpyBot. And I opted for just one alternate browser [in addition to IE].
I have a new system now [while still keeping the older one "around'], which is MUCH faster overall. Regardless, I don't want to install more on it than I have to, more than I will actually use.
Unless you're a total expert, or someone who wants to risk fate, we all need ONE anti-virus on our systems. Which to select is completely up to each user. Most of us gain a familiarity with a product, and then have a sense of comfort staying with it. Some believe the "big name" paid products offer better protection, and don't want to risk "gambling" on a "freebie"... while others rely completely on free products. To each his/her own.
Unfortunately, too many users believe that an anti-virus program guarantees them complete security, and then are shocked when their system becomes infected. What they don't realize is that, if they click on infected e-mail links, or indiscriminately click YES to all prompts, they are giving permission to malware to load onto their system.
That's reason for ONE realtime anti-malware program. I won't be "shy" here: MBAM is the only paid program I advocate people use. It nicely supplements the anti-virus of your choice. And tends to catch most of the rogue programs that can slip-by [even the best of] antiviruses.
Beyond ONE anti-virus, and ONE resident anti-malware program [MBAM or otherwise], it's all a matter of "user's choice": what you feel comfortable with, what you believe works for you. If you wish to install several [non-resident] anti-malware scanners... and run endless scans with them... that's certainly your choice. But if doing so consumes all your time --- eating away at your productivity --- that's when it becomes way too much. Unless you are totally paranoid: for the paranoid, what I consider "over-kill" is what they deem necessary.
We often speak of "safe surfing": avoiding questionable sites (pornography, P2P file sharing), saying this is the first step toward keeping your machine clean. For people who do so, they may be able to get-by with a minimal security configuration. But for those who choose to practice risky behavior, and/or for those who have actually experienced and suffered through a virus/malware infection, then additional [layers of] protection would indeed seem prudent.
So yes, there are good reviews/testing of products offered in this forum. Joe does some excellent work in this capacity. If you like what you read from him... or from other "regulars" like BugBatter, Iroc9555, or RedDawn... go ahead and try things. See what you like... see what [you believe] works for you. Choose as little or as much [non-conflicting] security as you feel you need... of course STOPPING should you encounter actual conflicts, or if you can actually "sense" your system slowing down.
[I realize I'm rambling at this point, not sure what I'm actually trying to say, so I'm just gonna stop here...]
iroc9555
2 Intern
•
1K Posts
0
October 12th, 2012 06:00
ky331
3 Apprentice
•
15.6K Posts
0
October 12th, 2012 08:00
One additional thought in reference to MCShield: I think much of the decision on whether or not to use that program may depend on how often one uses a Flash drive [or other external storage media]... and how often (if at all) the Flash drive comes from a potentially "untrustworthy source" [by which I mean, anyone other than yourself]. Without doubt, if relatives/friends/colleagues are permitted to use THEIR Flash drives on YOUR computer, then yes, there's a clear need for such additional protection. If however, you're the only one to access your system, and you use the same Flash drive each time [which no one else uses], you should be safe with your anti-virus program [which should have tested the files before allowing them to be saved on your Flash drive]. But yes, even in the latter case, the extra protection couldn't hurt.
joe53
2 Intern
•
5.8K Posts
0
October 12th, 2012 11:00
My experience mirrors ky's.
I've tested and discarded far more security products over the years than I care to mention. I don't believe any of the security products I currently use were in my war chest 10 years ago. The battle lines against the bad guys keep shifting.
There is no question there is such a thing as "too much security" and a potential for conflicts. And obsessive on-demand scans are probably not a good defensive strategy. But we do need to continually re-evaluate our options.
Thanks for the info, Hernan.
ky331
3 Apprentice
•
15.6K Posts
0
October 13th, 2012 11:00
dr_Bora/Borislav:
Welcome the the DeLL Forums, and thank you for your input on this topic. Birdies are wonderful assistants.
dr_Bora
1 Message
0
October 13th, 2012 11:00
Hello everyone...
I'm one of the programmers of MCShield. A birdie told me about this topic, so I came to advertise a bit. :emotion-2:
To begin with, what is MCS? It's a preventive tool meant to block infections that are transmitted via removable drives.
The fact is, for the last 7, 8 years I've been an active forum helper doing malware removal topics. At a certain point in time, I've noticed an irritating issue: some users kept coming back infected after a few days. You're guessing how they got reinfected?
First bobby (the other programmer) made USBNoRisk which was a helper tool and provided means to analyze flash drives and do manual (scripted) cleanup.
While testing USBNoRisk, I've had a chance to play around with a whole bunch of flash infectors and, as the time went by, I noticed that those baddies follow certain "behavior" patterns. So, if I open a flash drive, I see what's bad.
One day I got an idea: what if I could transfer that "human eye / mind based detection" to a number of algorithms? Well, that's exactly what I did.
After some testing, I realized that kind of program could be of use and released it to public. Now? We don't have millions of users, but what makes me believe all this was not a waste of time is the Stats tab (almost 300 thousand treated items, and that's not the realistic number because we started counting items with version 2). So, a few thousand active users and almost 300 k times the program needed to do something. The way I see it, those that need / use this program, definitely have a use for it.
Who needs MCS? Let's put it this way: who needs a firewall? If you're offline, you don't. Do you need it if you're connected to the internet? Yes, you do, but...
If we say that the FW is to protect us from network worms (I know it does more, just ignoring that fact now to make an example :emotion-4:), do we really need it if we use an antivirus? I mean, the AV does detect worms, right? But we still use firewalls, don't we?
To make the long story short: AV needs a signature. MCS, generally, doesn't. If you use flash drives (of any type), then you could have use for a program like this. Simply, MCS is better than an AV when it comes to this kind of infection sources (for a simple reason: it works with non active, non critical files, so it can rely on generic detections much more than an AV can).
It could be said that MCS is targeted at novice / average user, but advanced users could also spare some time (by letting MCS do what they would otherwise need to do manually).
Actions it does? Renames suspicious files, deletes malicious files and malware related folders, restores the attributes of legit files and folders if it determines that they have been hidden by malware. So, it does a bit more that the AV does.
Potential conflicts have been mentioned... Important thing to note is that MCS is a pure user mode program which means it can't cause any real trouble.
There are no drivers that could conflict with your AV and the usage of system resources is minimal (the Drive Monitor simply waits for a new drive and than launches the Drive Scanner).
And now I'll stop writing... :emotion-1:
Borislav
iroc9555
2 Intern
•
1K Posts
0
October 14th, 2012 07:00
Welcome to DeLL Forum dr_Bora.
Better for the programmer to explain how an application works than an user who just is playing with it.
Thanks.
ky331
3 Apprentice
•
15.6K Posts
0
October 25th, 2012 12:00
v 2.2.4.16: 25th October 2012.
- fixed an issue regarding encryption of certain quarantined files;
- fixed an issue that caused longer scan and wrong tray notification when the program was fixing a false positive.
-----
Note: I have decided to post the update information here, in the thread where we've been discussing McShield, rather than the "daily update" thread we keep at Dell. People who are using or testing this program should keep it updated.
iroc9555
2 Intern
•
1K Posts
0
October 25th, 2012 15:00
Thanks David.
To update. The program will inform you of the new version and it will ask you to download it to the desktop. If you have MCShield active in system tray, right click it and exit before applying the new update, just in case.
ky331
3 Apprentice
•
15.6K Posts
0
December 16th, 2012 09:00
- implemented a new generic detection routine (for more precise detection/remediation of Trojan:VBS/Autorun.B (MS));
- added Persian language (thanks to translator Seyed Ehsan Hadi).
v 2.3.3.17: 29th November 2012. <==== ( earlier version )
- fixed an issue that caused some quarantined items not to be shown on the Quarantine tab inside the Control Center;
- added Hungarian language (thanks to translator lostprophet).
iroc9555
2 Intern
•
1K Posts
0
February 10th, 2013 06:00
New MCShield version 2.5.3.19 has been released.
Download:
http://amf.mycity.rs/mcshield/downloads.html
ky331
3 Apprentice
•
15.6K Posts
0
February 10th, 2013 08:00
MCshield v 2.5.4.20: 10th February 2013 [SECOND update today!]
- fixed a bug related to autoupdate (if database notifications are off, the new setup would not be started after download).
ky331
3 Apprentice
•
15.6K Posts
0
January 25th, 2014 05:00
MCShield v3.0.3.26 v3 final: 25th January 2014.
- completely redesigned user interface with additional features;
- new tab in Control Center: "Status" used to
- - view & change main functions;
- - view system information & main settings;
- new tab in Control Center: "Logs" for easy logfile access and manipulation;
- new tab in Control Center: "MCS Cloud" providing stats and latest news;
- new option "Add Scan with MCShield to drives' menu" in Control Center > General:
- - possibility to start on demand scans via right click menu;
- new option "Visual style" in Control Center > General:
- - possibility to select one of four visual styles;
- new option "Don't scan autorun.inf" in Control Center > Scanner:
- - possibility to completely disable AntiAutorun (processing of autorun files);
- additional heuristics (AntiRep4) for another family of replicating worms (CryptoLocker and similar);
- additional heuristics (AntiScript) for all types of vbscript based worms:
- - on the fly decryption, code format & contents analysis;
- - support for extremely large malicious files;
- improved detection (FME) of worms mimicking legitimate files;
- improved detection (AntiRep3) of several replicating worms;
- added Simplified Chinese language (thanks to translator Anan);
- added Swedish language;
- updated all languages for v3 (except Brasilian Portuguese);
- fixed an issue that caused the MD5 not to be shown for suspicious files in interactive mode;
- improved program initialization time by removing obsolete on-start routines;
- digitally signed all executable components:
- - improving compatibility and ease of use alongside other security software;
- - giving users the possibility to verify the origin and authenticity of the software;
- various other improvements (code stability, graphics, program logic...).